Certbot Renewal Fails with Dynamic Portal


Postby vkad » Thu Aug 27, 2020 2:20 pm

As it is about time my web server issued a request to renew the SSL certificate using certbot, it failed spectacularly, taking down all the agents on it.

The issue is the ACME servers can't access our server due to the dynamic portal.

How can we resolve this issue?

Thanks
Vicibox 8.0.1 (Asterisk 13.21.0-vici) + Remote WebRTC Agents
Version: 2.14b0.5 | SVN: 2990 | DB Version: 1548
1 x DB + Web + Dialer - E3 1270 v6 + 16gb ddr4 + 256gb SSD
2 x Additional Dialer - E3 1270 v6 + 8gb ddr4 + 256gb SSD
vkad
 
Posts: 208
Joined: Thu Nov 09, 2017 3:46 am

Re: Certbot Renewal Fails with Dynamic Portal

Postby carpenox » Thu Aug 27, 2020 4:42 pm

Are you directing all traffic to port 81 or 446 for the dynportal? Is your firewall open to port 443 and 80?
Alma Linux 9.3 | Version: 2.14-911a | SVN Version: 3815 | DB Schema Version: 1710 | Asterisk 18.18.1
www.dialer.one -:- 1-833-DIALER-1 -:- https://linktr.ee/CyburDial -:- WhatsApp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 2230
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: Certbot Renewal Fails with Dynamic Portal

Postby williamconley » Thu Aug 27, 2020 8:46 pm

First:

Code:
iptables -I INPUT 1 -j ACCEPT


Second:

Run the certbot renewal

Third:

Code:
iptables -D INPUT -j ACCEPT


Of course, certbot shouldn't have broken anything if it was configured correctly ... unless you canceled in the middle and it was partially done. That could be awkward, I guess.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20018
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Certbot Renewal Fails with Dynamic Portal

Postby Kumba » Fri Sep 11, 2020 2:16 am

So part of the problem is that the ACME servers come from a wide range of places. You're going to need to modify the certbot bash script so that it opens up the web ports to the whole internet, renews the cert, then closes the port. I'll work on modifying the certbot script so that it does this in the future.

In the meantime, as a workaround, you would want to either create a bash script or modify the crontab so that it opens port 80 to the internet before running certbot and closes it after. Here's what that bash script would look like:

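Code:
#!/bin/bash
# Temporarily allow inbound HTTP so the ACME servers can reach the challenge
firewall-cmd --zone=public --add-service=http
# Renew non-interactively using the webroot method; all output is discarded
/usr/bin/certbot -n --webroot renew >/dev/null 2>&1
# Close HTTP to the internet again
firewall-cmd --zone=public --remove-service=http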

You would then run this bash script in place of the certbot entry in the crontab.

You could also just put the firewall-cmd lines above in the actual crontab. You'd just put the first one before certbot and the second after certbot in the cron just like how they're listed.
Kumba
 
Posts: 939
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida
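
The open, renew, close workaround from the post above, as an added example that is not part of the original thread and is not ViciBox's own script: it closes port 80 again even when the renewal fails or the script is interrupted, and it leaves the rule alone if http was already allowed beforehand. The variables FIREWALL_CMD, CERTBOT and ZONE, the function names and the "renew" argument are assumptions made for this example.

```shell
#!/bin/bash
# Added example: keep the HTTP exposure window as short as the renewal itself.
# FIREWALL_CMD, CERTBOT and ZONE are assumed names, overridable for testing.

FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
CERTBOT="${CERTBOT:-/usr/bin/certbot}"
ZONE="${ZONE:-public}"
OPENED_BY_US=0

open_http() {
    # If http is already allowed in the zone, do nothing, so that closing
    # afterwards cannot remove a rule this script did not add.
    if "$FIREWALL_CMD" --zone="$ZONE" --query-service=http >/dev/null 2>&1; then
        return 0
    fi
    "$FIREWALL_CMD" --zone="$ZONE" --add-service=http >/dev/null || return 1
    OPENED_BY_US=1
}

close_http() {
    # Only remove the service if open_http added it during this run.
    [ "$OPENED_BY_US" -eq 1 ] || return 0
    "$FIREWALL_CMD" --zone="$ZONE" --remove-service=http >/dev/null
    OPENED_BY_US=0
}

renew_with_window() {
    local rc
    # The EXIT trap closes the port if the script dies part-way through;
    # INT/TERM are turned into a normal exit so the EXIT trap still fires.
    trap close_http EXIT
    trap 'exit 1' INT TERM
    if open_http; then
        # Output is kept (not sent to /dev/null) so cron can mail failures.
        "$CERTBOT" -n --webroot renew
        rc=$?
    else
        echo "could not open http in zone $ZONE" >&2
        rc=2
    fi
    close_http
    trap - EXIT INT TERM
    [ "$rc" -eq 0 ] || echo "renewal failed with status $rc" >&2
    return "$rc"
}

# Run only when asked to, e.g. from cron: /path/to/this-script renew
if [ "${1:-}" = "renew" ]; then
    renew_with_window
    exit $?
fi
```

certbot renew also accepts --pre-hook and --post-hook, which run only when a certificate is actually due for renewal.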

Re: Certbot Renewal Fails with Dynamic Portal

Postby bronson » Mon Oct 24, 2022 3:32 am

Hello,

I am having the same issue. My ssl cert failed to renew.

I am getting this error below:

Code:
Vicibox10:~ # /root/.acme.sh/acme.sh --renew-all
[Mon Oct 24 04:13:14 EDT 2022] Renew: 'dialer.domain.tld'
[Mon Oct 24 04:13:15 EDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Oct 24 04:13:15 EDT 2022] Single domain='dialer.domain.tld'
[Mon Oct 24 04:13:15 EDT 2022] Getting domain auth token for each domain
[Mon Oct 24 04:13:15 EDT 2022] Getting webroot for domain='dialer.domain.tld'
[Mon Oct 24 04:13:15 EDT 2022] Verifying: dialer.domain.tld
[Mon Oct 24 04:13:15 EDT 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Mon Oct 24 04:13:18 EDT 2022] dialer.domain.tld:Verify error:111.123.1.321: Fetching https://dialer.domain.tld//.well-known/acme-challenge/QWERTY_1245UIOP_6789_0: Error getting validation data
[Mon Oct 24 04:13:18 EDT 2022] Please add '--debug' or '--log' to check more details.
[Mon Oct 24 04:13:18 EDT 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Mon Oct 24 04:13:18 EDT 2022] Error renew dialer.domain.tld.
Vicibox10:~ #


Here is the output when I debug:

Code:
Vicibox10:~ # /root/.acme.sh/acme.sh --renew-all --debug
[Mon Oct 24 04:19:01 EDT 2022] Lets find script dir.
[Mon Oct 24 04:19:01 EDT 2022] _SCRIPT_='/root/.acme.sh/acme.sh'
[Mon Oct 24 04:19:01 EDT 2022] _script='/usr/share/vicibox-ssl/acme.sh'
[Mon Oct 24 04:19:01 EDT 2022] _script_home='/usr/share/vicibox-ssl'
[Mon Oct 24 04:19:01 EDT 2022] Using default home:/root/.acme.sh
[Mon Oct 24 04:19:01 EDT 2022] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v3.0.1
[Mon Oct 24 04:19:01 EDT 2022] Running cmd: renewAll
[Mon Oct 24 04:19:01 EDT 2022] Using config home:/root/.acme.sh
[Mon Oct 24 04:19:01 EDT 2022] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
[Mon Oct 24 04:19:01 EDT 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Oct 24 04:19:01 EDT 2022] _stopRenewOnError
[Mon Oct 24 04:19:01 EDT 2022] _set_level='2'
[Mon Oct 24 04:19:01 EDT 2022] di='/root/.acme.sh/dialer.domain.tld/'
[Mon Oct 24 04:19:01 EDT 2022] d='dialer.domain.tld'
[Mon Oct 24 04:19:01 EDT 2022] Using config home:/root/.acme.sh
[Mon Oct 24 04:19:01 EDT 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Oct 24 04:19:01 EDT 2022] DOMAIN_PATH='/root/.acme.sh/dialer.domain.tld'
[Mon Oct 24 04:19:01 EDT 2022] Renew: 'dialer.domain.tld'
[Mon Oct 24 04:19:01 EDT 2022] Le_API='https://acme-v02.api.letsencrypt.org/directory'
[Mon Oct 24 04:19:01 EDT 2022] Using config home:/root/.acme.sh
[Mon Oct 24 04:19:01 EDT 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon Oct 24 04:19:01 EDT 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Oct 24 04:19:01 EDT 2022] Retrying GET
[Mon Oct 24 04:19:01 EDT 2022] GET
[Mon Oct 24 04:19:01 EDT 2022] url='https://acme-v02.api.letsencrypt.org/directory'
[Mon Oct 24 04:19:01 EDT 2022] timeout=
[Mon Oct 24 04:19:01 EDT 2022] displayError='1'
[Mon Oct 24 04:19:01 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mon Oct 24 04:19:02 EDT 2022] ret='0'
[Mon Oct 24 04:19:02 EDT 2022] _hcode='0'
[Mon Oct 24 04:19:02 EDT 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Mon Oct 24 04:19:02 EDT 2022] ACME_NEW_AUTHZ
[Mon Oct 24 04:19:02 EDT 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Oct 24 04:19:02 EDT 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Mon Oct 24 04:19:02 EDT 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Mon Oct 24 04:19:02 EDT 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Mon Oct 24 04:19:02 EDT 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Oct 24 04:19:02 EDT 2022] _main_domain='dialer.domain.tld'
[Mon Oct 24 04:19:02 EDT 2022] _alt_domains='no'
[Mon Oct 24 04:19:02 EDT 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Mon Oct 24 04:19:02 EDT 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Mon Oct 24 04:19:02 EDT 2022] Le_NextRenewTime='1663617176'
[Mon Oct 24 04:19:02 EDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Oct 24 04:19:02 EDT 2022] _on_before_issue
[Mon Oct 24 04:19:02 EDT 2022] _chk_main_domain='dialer.domain.tld'
[Mon Oct 24 04:19:02 EDT 2022] _chk_alt_domains
[Mon Oct 24 04:19:02 EDT 2022] Le_LocalAddress
[Mon Oct 24 04:19:02 EDT 2022] d='dialer.domain.tld'
[Mon Oct 24 04:19:02 EDT 2022] Check for domain='dialer.domain.tld'
[Mon Oct 24 04:19:02 EDT 2022] _currentRoot='/srv/www/htdocs/'
[Mon Oct 24 04:19:02 EDT 2022] d
[Mon Oct 24 04:19:02 EDT 2022] _saved_account_key_hash is not changed, skip register account.
[Mon Oct 24 04:19:02 EDT 2022] Read key length:
[Mon Oct 24 04:19:02 EDT 2022] _createcsr
[Mon Oct 24 04:19:02 EDT 2022] Single domain='dialer.domain.tld'
[Mon Oct 24 04:19:02 EDT 2022] Getting domain auth token for each domain
[Mon Oct 24 04:19:02 EDT 2022] d
[Mon Oct 24 04:19:02 EDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Oct 24 04:19:02 EDT 2022] payload='{"identifiers": [{"type":"dns","value":"dialer.domain.tld"}]}'
[Mon Oct 24 04:19:02 EDT 2022] RSA key
[Mon Oct 24 04:19:02 EDT 2022] Retrying post
[Mon Oct 24 04:19:02 EDT 2022] HEAD
[Mon Oct 24 04:19:02 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Mon Oct 24 04:19:02 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Mon Oct 24 04:19:02 EDT 2022] _ret='0'
[Mon Oct 24 04:19:02 EDT 2022] _hcode='0'
[Mon Oct 24 04:19:02 EDT 2022] Retrying post
[Mon Oct 24 04:19:02 EDT 2022] POST
[Mon Oct 24 04:19:02 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Mon Oct 24 04:19:02 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mon Oct 24 04:19:03 EDT 2022] _ret='0'
[Mon Oct 24 04:19:03 EDT 2022] _hcode='0'
[Mon Oct 24 04:19:03 EDT 2022] code='201'
[Mon Oct 24 04:19:03 EDT 2022] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/642796956/137459868632'
[Mon Oct 24 04:19:03 EDT 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/642796956/137459868632'
[Mon Oct 24 04:19:03 EDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/168115650402'
[Mon Oct 24 04:19:03 EDT 2022] payload
[Mon Oct 24 04:19:03 EDT 2022] Retrying post
[Mon Oct 24 04:19:03 EDT 2022] POST
[Mon Oct 24 04:19:03 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/123456789123'
[Mon Oct 24 04:19:03 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mon Oct 24 04:19:03 EDT 2022] _ret='0'
[Mon Oct 24 04:19:03 EDT 2022] _hcode='0'
[Mon Oct 24 04:19:03 EDT 2022] code='200'
[Mon Oct 24 04:19:03 EDT 2022] d='dialer.domain.tld'
[Mon Oct 24 04:19:03 EDT 2022] Getting webroot for domain='dialer.domain.tld'
[Mon Oct 24 04:19:03 EDT 2022] _w='/srv/www/htdocs/'
[Mon Oct 24 04:19:03 EDT 2022] _currentRoot='/srv/www/htdocs/'
[Mon Oct 24 04:19:03 EDT 2022] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg","token":"qwertyuiop123456"'
[Mon Oct 24 04:19:03 EDT 2022] token='qwertyuiop123456'
[Mon Oct 24 04:19:03 EDT 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/168115650402/rOgvsg'
[Mon Oct 24 04:19:03 EDT 2022] keyauthorization='qwert125E.nanananananananana56789'
[Mon Oct 24 04:19:03 EDT 2022] dvlist='dialer.domain.tld#asdf987654321lkjhg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/q0fhhsg#http-01#/srv/www/htdocs/'
[Mon Oct 24 04:19:03 EDT 2022] d
[Mon Oct 24 04:19:03 EDT 2022] vlist='dialer.domain.tld#blahblahblah99999WR6q82OY2M7hQ3SBmqnFrK-6sQXHbX_6UouC4#https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg#http-01#/srv/www/htdocs/,'
[Mon Oct 24 04:19:03 EDT 2022] d='dialer.domain.tld'
[Mon Oct 24 04:19:03 EDT 2022] ok, let's start to verify
[Mon Oct 24 04:19:03 EDT 2022] Verifying: dialer.domain.tld
[Mon Oct 24 04:19:03 EDT 2022] d='dialer.domain.tld'
[Mon Oct 24 04:19:03 EDT 2022] keyauthorization='qwert125E.nanananananananana56789'
[Mon Oct 24 04:19:03 EDT 2022] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/168115650402/rOgvsg'
[Mon Oct 24 04:19:03 EDT 2022] _currentRoot='/srv/www/htdocs/'
[Mon Oct 24 04:19:03 EDT 2022] wellknown_path='/srv/www/htdocs//.well-known/acme-challenge'
[Mon Oct 24 04:19:03 EDT 2022] writing token:qwertyuiop123456 to /srv/www/htdocs//.well-known/acme-challenge/qwertyuiop123456
[Mon Oct 24 04:19:03 EDT 2022] Changing owner/group of .well-known to root:root
[Mon Oct 24 04:19:03 EDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/168115650402/rOgvsg'
[Mon Oct 24 04:19:03 EDT 2022] payload='{}'
[Mon Oct 24 04:19:03 EDT 2022] Retrying post
[Mon Oct 24 04:19:03 EDT 2022] POST
[Mon Oct 24 04:19:03 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg'
[Mon Oct 24 04:19:03 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mon Oct 24 04:19:03 EDT 2022] _ret='0'
[Mon Oct 24 04:19:03 EDT 2022] _hcode='0'
[Mon Oct 24 04:19:03 EDT 2022] code='200'
[Mon Oct 24 04:19:03 EDT 2022] trigger validation code: 200
[Mon Oct 24 04:19:03 EDT 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Mon Oct 24 04:19:03 EDT 2022] sleep 2 secs to verify again
[Mon Oct 24 04:19:05 EDT 2022] checking
[Mon Oct 24 04:19:05 EDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg'
[Mon Oct 24 04:19:05 EDT 2022] payload
[Mon Oct 24 04:19:05 EDT 2022] Retrying post
[Mon Oct 24 04:19:05 EDT 2022] POST
[Mon Oct 24 04:19:05 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg'
[Mon Oct 24 04:19:05 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mon Oct 24 04:19:05 EDT 2022] _ret='0'
[Mon Oct 24 04:19:05 EDT 2022] _hcode='0'
[Mon Oct 24 04:19:05 EDT 2022] code='200'
[Mon Oct 24 04:19:05 EDT 2022] dialer.domain.tld:Verify error:172.105.0.183: Fetching https://dialer.domain.tld//.well-known/acme-challenge/qwertyuiop123456: Error getting validation data
[Mon Oct 24 04:19:05 EDT 2022] Debug: get token url.
[Mon Oct 24 04:19:05 EDT 2022] Retrying GET
[Mon Oct 24 04:19:05 EDT 2022] GET
[Mon Oct 24 04:19:05 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456'
[Mon Oct 24 04:19:05 EDT 2022] timeout=1
[Mon Oct 24 04:19:05 EDT 2022] displayError='1'
[Mon Oct 24 04:19:05 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'
[Mon Oct 24 04:19:05 EDT 2022] ret='60'
[Mon Oct 24 04:19:05 EDT 2022] _hcode='60'
[Mon Oct 24 04:19:07 EDT 2022] Retrying GET
[Mon Oct 24 04:19:07 EDT 2022] GET
[Mon Oct 24 04:19:07 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456'
[Mon Oct 24 04:19:07 EDT 2022] timeout=1
[Mon Oct 24 04:19:07 EDT 2022] displayError='1'
[Mon Oct 24 04:19:07 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'
[Mon Oct 24 04:19:07 EDT 2022] ret='60'
[Mon Oct 24 04:19:07 EDT 2022] _hcode='60'
[Mon Oct 24 04:19:09 EDT 2022] Retrying GET
[Mon Oct 24 04:19:09 EDT 2022] GET
[Mon Oct 24 04:19:09 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456'
[Mon Oct 24 04:19:09 EDT 2022] timeout=1
[Mon Oct 24 04:19:09 EDT 2022] displayError='1'
[Mon Oct 24 04:19:09 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'
[Mon Oct 24 04:19:09 EDT 2022] ret='60'
[Mon Oct 24 04:19:09 EDT 2022] _hcode='60'
[Mon Oct 24 04:19:11 EDT 2022] Retrying GET
[Mon Oct 24 04:19:11 EDT 2022] GET
[Mon Oct 24 04:19:11 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456'
[Mon Oct 24 04:19:11 EDT 2022] timeout=1
[Mon Oct 24 04:19:11 EDT 2022] displayError='1'
[Mon Oct 24 04:19:11 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'
[Mon Oct 24 04:19:11 EDT 2022] ret='60'
[Mon Oct 24 04:19:11 EDT 2022] _hcode='60'
[Mon Oct 24 04:19:13 EDT 2022] Retrying GET
[Mon Oct 24 04:19:13 EDT 2022] GET
[Mon Oct 24 04:19:13 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456'
[Mon Oct 24 04:19:13 EDT 2022] timeout=1
[Mon Oct 24 04:19:13 EDT 2022] displayError='1'
[Mon Oct 24 04:19:13 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'
[Mon Oct 24 04:19:13 EDT 2022] ret='60'
[Mon Oct 24 04:19:13 EDT 2022] _hcode='60'
[Mon Oct 24 04:19:15 EDT 2022] Retrying GET
[Mon Oct 24 04:19:15 EDT 2022] GET
[Mon Oct 24 04:19:15 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456'
[Mon Oct 24 04:19:15 EDT 2022] timeout=1
[Mon Oct 24 04:19:16 EDT 2022] displayError='1'
[Mon Oct 24 04:19:16 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'
[Mon Oct 24 04:19:16 EDT 2022] ret='60'
[Mon Oct 24 04:19:16 EDT 2022] _hcode='60'
[Mon Oct 24 04:19:18 EDT 2022] Retrying GET
[Mon Oct 24 04:19:18 EDT 2022] GET
[Mon Oct 24 04:19:18 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456'
[Mon Oct 24 04:19:18 EDT 2022] timeout=1
[Mon Oct 24 04:19:18 EDT 2022] displayError='1'
[Mon Oct 24 04:19:18 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'
[Mon Oct 24 04:19:18 EDT 2022] ret='60'
[Mon Oct 24 04:19:18 EDT 2022] _hcode='60'
[Mon Oct 24 04:19:20 EDT 2022] Retrying GET
[Mon Oct 24 04:19:20 EDT 2022] GET
[Mon Oct 24 04:19:20 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456'
[Mon Oct 24 04:19:20 EDT 2022] timeout=1
[Mon Oct 24 04:19:20 EDT 2022] displayError='1'
[Mon Oct 24 04:19:20 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'
[Mon Oct 24 04:19:20 EDT 2022] ret='60'
[Mon Oct 24 04:19:20 EDT 2022] _hcode='60'
[Mon Oct 24 04:19:22 EDT 2022] Retrying GET
[Mon Oct 24 04:19:22 EDT 2022] GET
[Mon Oct 24 04:19:22 EDT 2022] url='http://dialer.domain.tld/.well-known/acme-challenge/qwertyuiop123456'
[Mon Oct 24 04:19:22 EDT 2022] timeout=1
[Mon Oct 24 04:19:22 EDT 2022] displayError='0'
[Mon Oct 24 04:19:22 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'
[Mon Oct 24 04:19:22 EDT 2022] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Mon Oct 24 04:19:22 EDT 2022] ret='60'
[Mon Oct 24 04:19:22 EDT 2022] _hcode='60'
[Mon Oct 24 04:19:24 EDT 2022] Debugging, skip removing: /srv/www/htdocs//.well-known/acme-challenge/qwertyuiop123456
[Mon Oct 24 04:19:24 EDT 2022] pid
[Mon Oct 24 04:19:24 EDT 2022] No need to restore nginx, skip.
[Mon Oct 24 04:19:24 EDT 2022] _clearupdns
[Mon Oct 24 04:19:24 EDT 2022] dns_entries
[Mon Oct 24 04:19:24 EDT 2022] skip dns.
[Mon Oct 24 04:19:24 EDT 2022] _on_issue_err
[Mon Oct 24 04:19:24 EDT 2022] Please add '--debug' or '--log' to check more details.
[Mon Oct 24 04:19:24 EDT 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Mon Oct 24 04:19:24 EDT 2022] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg'
[Mon Oct 24 04:19:24 EDT 2022] payload='{}'
[Mon Oct 24 04:19:24 EDT 2022] Retrying post
[Mon Oct 24 04:19:24 EDT 2022] POST
[Mon Oct 24 04:19:24 EDT 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789123/rOgvsg'
[Mon Oct 24 04:19:24 EDT 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Mon Oct 24 04:19:24 EDT 2022] _ret='0'
[Mon Oct 24 04:19:24 EDT 2022] _hcode='0'
[Mon Oct 24 04:19:24 EDT 2022] code='400'
[Mon Oct 24 04:19:24 EDT 2022] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1d  10 Sep 2019
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.2 on Apr  3 2018 11:53:32
   running on Linux version #1 SMP Fri Jun 25 12:36:56 UTC 2021 (6856d31), release 5.3.18-59.10-default, machine x86_64
[Mon Oct 24 04:19:24 EDT 2022] Return code: 1
[Mon Oct 24 04:19:24 EDT 2022] Error renew dialer.domain.tld.
[Mon Oct 24 04:19:24 EDT 2022] _error_level='1'
[Mon Oct 24 04:19:24 EDT 2022] _set_level='2'
Vicibox10:~ #
bronson
 
Posts: 95
Joined: Thu Oct 14, 2021 10:34 am

Re: Certbot Renewal Fails with Dynamic Portal

Postby bronson » Tue Oct 25, 2022 2:14 am

I was able to renew my cert by moving apache to "public", then turning off the firewall, then removing apache from public, then restarting my server.

I'd prefer not to have to do that each time my cert expires so I'll try adding that code above to my crontab and see if that helps.
bronson
 
Posts: 95
Joined: Thu Oct 14, 2021 10:34 am

